Security & Trust

Papers accepted at CRiSIS 2024

Published: Oct 9, 2024
Tags: papers
The following papers have been accepted at the 19th International Conference on Risks and Security of Internet and Systems (CRiSIS 2024):
  • Title: Modeling and Assessing Coercion Threats in Electronic Voting
  • Authors: Riccardo Longo, Majid Mollaeefar, Umberto Morelli, Chiara Spadafora, Alessandro Tomasi, Silvio Ranise
  • Abstract: Electronic voting holds the potential to increase voter participation and streamline election processes, but its broad use is limited by many challenges, e.g., ensuring system security and usability. One of the most difficult threats to counter is coercion; i.e., the ability to monitor and force voters’ actions. This paper proposes a methodology to assess an e-voting system’s resistance to coercion by gathering the security properties that an e-voting solution should offer from both academia and regulation, and adapting the Microsoft STRIDE and LINDDUN threats and the OWASP Risk Rating Technologies to the e-voting scenario.
  • Title: Protecting Digital Identity Wallet: A Threat Model in the Age of eIDAS 2.0
  • Authors: Amir Sharif, Zahra Ebadi Ansaroudi, Giada Sciarretta, Daniela Pöhn, Majid Mollaeefar, Wolfgang Hommel, Silvio Ranise
  • Abstract: The revised eIDAS regulation (eIDAS 2.0) advocates a shift from federated identity management systems (such as SAML and OpenID Connect) to user-centric identity-based systems. It defines the European Digital Identity Wallet as a key component. The main goal is to enhance privacy by empowering citizens to selectively disclose personal data in a controlled way. To facilitate the implementation of an interoperable Wallet solution, the EU Commission published a reference architecture and identified a high-level set of requirements. However, comprehensive security and privacy guidelines to ensure a secure and privacy-preserving solution are still missing. To address this gap, we provide threat modeling explicitly designed for the Digital Identity Wallet context. This allows for identifying potential threats and a set of effective controls to secure the implementations.

About the conference

  • Name: 19th International Conference on Risks and Security of Internet and Systems (CRiSIS 2024)
  • Date: from November 26, 2024 to November 28, 2024
  • Location: Aix-en-Provence, France
  • Website: https://crisis2024.univ-gustave-eiffel.fr

Involved People

Alessandro Tomasi

Amir Sharif

Giada Sciarretta

Majid Mollaeefar

Riccardo Longo

Silvio Ranise

Umberto Morelli

Zahra Ebadi Ansaroudi
